Method and system for identifying and managing RF-ID attached objects

ABSTRACT

The present invention discloses a method and system for minimizing losses due to the counterfeiting of RF-ID tags, enhancing the reliability of RF-ID tag read-out and improving the overall reliability of the RF-ID tag system. An ID reader for communicating by radio with the RF-ID tag and reading tag data from the RF-ID tag transmits the data read-out results to a terminal management server connected to the ID reader. The terminal management server decodes the error correction signal from the read-out result data, also extracts the identification number section from the tag, and decides whether or not that identification number is valid. When it is determined to be a valid identification number, an inquiry is made to the system operation server connected over the network to find out if that identification number was previously read out and if that identification number might be counterfeit. The system operation server then refers to the log database, the blacklist database and the process transition rules, calculates the probability of counterfeiting and automatically sends a warning message to the related department when there is a high probability of counterfeiting.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a method and a system for managing RF-ID identification numbers for controlling the identification numbers used in RF-ID tags.

[0003] 2. Description of Related Art

[0004] In the method of the related art, an identification number, for example a barcode, is printed on a paper seal and attached to objects such as merchandise for product control of those objects. In recent years, however, the identification number is stored in an electronic medium that has no power source of its own, and that medium is then attached to or embedded in an object. This electronic medium is here called an RF-ID tag. An RF-ID tag of this type is extremely small, inexpensive and can also be made in large quantities. A characteristic identification number is therefore stored in the RF-ID tag for applications such as verifying that the object the RF-ID tag is attached to is genuine. The RF-ID tag may, for example, be embedded within paper such as valuable bonds or paper currency or may be attached to brand name products. To then verify the authenticity of that object, the identification number within the RF-ID tag is electronically scanned and collated with a group of identification numbers in a separate database. If a matching number is contained within that group of identification numbers then that number is determined to be genuine. If it is not contained within that group of numbers then that number is determined to be false.

[0005] This method is effective when implemented and the related art contains methods for encrypting and storing the identification number to prevent it from being scanned and copied.

[0006] However, the related art has a problem in that if the data within the RF-ID tag is copied and counterfeited, then detecting it as a counterfeit is difficult since the number itself is correct. Another problem is that the reliability of the data is in doubt when the data is electronically loaded by radio. Yet another problem is that even if encrypted, the data might be illegally decoded because it is short.

SUMMARY OF THE INVENTION

[0007] In view of the above problems with the related art, the present invention has the objective of providing a method and system for holding losses due to counterfeiting to a minimum. Other objectives are to provide a method to improve the data reliability during loading and to make counterfeiting difficult by utilizing a randomization method.

[0008] In order to achieve the above objectives, the system of the present invention comprises an ID reader for reading (scanning) the RF-ID tag data sent by radio communication, a terminal management server for controlling multiple ID readers, and a system operation server for unified control and monitoring of the multiple terminal management servers installed over a wide area. In the method of the invention, the system operation server contains log databases for managing all of the scanned log data, and all past scanned information reported from the terminal management servers is recorded and managed. The system operation server replies to queries from the terminal management server: by searching the past scanned data, it can find when, where and in what process the identical tag data was read out (scanned), and by using all that information, the authenticity of the tag data that is the subject of the query can be verified.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] FIG. 1 is a drawing showing the structure of the RF-ID tag chip;

[0010] FIG. 2 is a block diagram showing the system utilizing the RF-ID tag data;

[0011] FIG. 3 is a diagram showing the structure of the RF-ID tag data;

[0012] FIG. 4 is a drawing showing the flow of the tag data process;

[0013] FIG. 5 is a drawing for illustrating the TRIE structure;

[0014] FIG. 6 is a drawing for illustrating the node data structure;

[0015] FIG. 7 is a diagram for illustrating the wide band operation management system; and

[0016] FIG. 8 is a drawing showing the authentication processing flow of the operation management server.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0017] The present invention works on the principle of detecting the possibility that a unique identification number exists in multiple copies, by analyzing both the time and geographical information together with the identification number scanned from merchandise carrying RF-ID tags that are used over a wide area. The detection further takes into account the aim of scanning the identification number, that is, information on its position in the processing flow. As explained in the following detailed description, the present invention also improves reliability during data loading (read-out) by using an error correcting code, and verifies an identification number as genuine by a method using pseudo-random numbers.

[0018] The present invention is next described in detail while referring to the embodiment.

[0019] As shown in FIG. 1, the RF-ID tag (RFID is an abbreviation for Radio Frequency Identification) is a semiconductor chip 1 comprised of an antenna 3 inside the chip and a receiver/transmitter circuit 2 for radio communication with an external location, a read-only memory 4 for storing the tag data, a memory read control circuit 5 for loading data from the memory 4 and a power circuit 6 for supplying power to these circuits. The chip of this embodiment is small in size, with dimensions for example of 0.4 millimeters on each of the four sides and 60 micrometers thick. A feature of this type of RF-ID tag is that it obtains the energy for transmission from a (received) RF signal wave of 2.45 gigahertz. This energy operates the (RF-ID tag) circuit, and since the RF-ID tag does not require its own power supply it can be made compact and used anytime and anywhere. The data read from the activated RF-ID tag circuit is then transmitted over the RF carrier wave.

[0020] The chip 1 (RF-ID tag) in this way replies to a request sent by radio from an ID-reader (described later) for reading data from the chip. The chip 1 then sends the data stored in the read-only memory 4 to the ID reader so the ID reader consequently receives the data. The distance between the ID reader and RF tag depends on the structural design of the RF-ID tag antenna but may be from 1 millimeter to several dozen centimeters. A description of the actual chip is omitted since the features of the present invention are in a different section.

[0021] In the present embodiment, the read-only memory 4 stores 128 bit data as described later on and each chip stores a different numerical value. The objective of the RF-ID tag is systematic management of the merchandise items and verification of the authenticity of the merchandise items by linking or matching this unique numerical value with the merchandise item affixed with the RF-ID tag.

[0022] The overall configuration of the system for utilizing the RF-ID tag is described in detail using FIG. 2.

[0023] The overall system of the present embodiment is comprised of the company 100 using RF-ID tags, an RF-ID tag management organization 110, a tag chip manufacturer 140 and an ID-reader manufacturer 150. The company 100 wishing to use the RF-ID tags makes a request to the RF-ID tag management organization 110 that supervises the RF-ID tags and specifies the quantity of RF-ID tags and the type of service application. The RF-ID tag management organization 110 commissions the manufacture of the RF-ID tag chips to the RF-ID tag chip manufacturer 140 based on the required information and also stores (registers) all information relating to the manufacture of the RF-ID tag chips in the tag data management system 111. In that case, the RF-ID tag management organization 110 generates the data that must be stored in the RF-ID tag chips to be manufactured and sends it to the RF-ID tag chip manufacturer 140. The manufactured RF-ID tag chips are then delivered to the RF-ID tag management organization 110 or directly to the company 100 wishing to use the RF-ID tags. After receiving the supply of RF-ID tag chips, the company 100 affixes the RF-ID tags to each individual product item. The RF-ID tags might be embedded in some of the merchandise items during the merchandise manufacturing process if the merchandise item is adaptable to the embedding process. The data from RF-ID tags embedded in this way within the merchandise items are loaded (read out) one piece of merchandise at a time by the ID reader 20 and stored in that company's product management database 101. In other words, a match is established between the RF-ID tag and the merchandise attributes, and by then scanning the RF-ID tag data, the merchandise matching that data can be individually designated and the attributes and state of that merchandise can be searched for in the database. The ID reader 20 for scanning (loading) data from the RF-ID tags is designed, manufactured and supplied by the ID-reader manufacturer 150 based on a minimum of information obtained from the RF-ID tag management organization 110.

[0024] The structure of the RF-ID tag data of the present embodiment is described next while referring to FIG. 3. In the present embodiment, the tag data is a 128 bit binary (integer) data stored in the read-only memory 4. The tag data structure consists of an 8 bit physical header, a 32 bit service header, a 56 bit service data, a 32 bit error correction code (ECC) for a total of 128 bits. The physical header (1 byte) specifies the type of RF-ID tag and defines the method, generation, and manufacturing source, etc. The service header (4 bytes) is capable of specifying 40,294,960,000 (or about 40.3 billion) services or applications. In actual use, the service header is divided up into two or more sub-fields, a service field, separate services, and may also have the task of their generation management. The number stored in the service header is referred to here as the service ID.

[0025] The following 56 bit service data (7 bytes) is an identification number for managing the merchandise. The final field, the ECC (4 bytes), consists of redundancy bits for detecting code errors in the overall tag data and for correcting a portion of the errors. For example, errors of up to four bytes can be detected or errors of up to two bytes can be corrected by using a Reed-Solomon error correcting code. In this way, error detection and error correction are possible even if data read-out (scanning) problems or data read-out errors are present due to causes such as data transmission errors during data scanning (read-out). Reliability can in this way be enhanced. The distance between the ID reader and the RF-ID tag can also be made larger than is possible without an error correcting code, which makes usage more convenient.

[0026] The method of the present invention involves methods such as the service data structure method, usage method, management method and authenticity verification method. The identification number affixed to the merchandise to be managed with the RF-ID tag, or a number equivalent to that identification number is expressed by the service data. In the following description, the service data is simply called the identification number.

[0027] This identification number has the purpose of managing the merchandise as unique individual items as well as their authentication (genuine/false decision). A method is known for encrypting by using a specified secret key to make counterfeiting difficult. However, this method is not sufficiently robust against tampering since there are only a small number of data bits. The method of the present invention however utilizes pseudo-random numbers to define only numbers that correspond to a 28 bit section of data (identification number) as the genuine numbers from among 56 bit natural numbers. Besides being able to define the identification number from approximately 268,430,000 numbers, the probability of being able to counterfeit the genuine identification number from among these numbers is 1 in approximately 268,430,000 and therefore an extremely small probability.

[0028] The pseudo-random number used for this objective can be calculated by a method called the M series. Here, x(i) are non-negative integers, and a and M are natural numbers in the recurrence formula:

x(i+1) = a·x(i) + b (mod M)

[0029] The number x(i+1) then becomes an integer between 0 and M−1, inclusive. Here, the operation (mod M) divides (a·x(i) + b) by M and takes the remainder. The series x(i) then becomes a series of pseudo-random numbers when the constants a, b, M are selected appropriately. It is also known that by making b a power of 0, M a power of 2, and “a” a power of 3 or 5, when the initial value x(0) of x is made an odd number, the period of that series will be M/4. In the formula of this invention, M is the 56th power of 2. The initial value x(0) must be carefully selected. The nonlinear conversion feedback method can be utilized for the purpose of strengthening the encryption.

[0030] To manufacture the chip, the physical header value is first of all established from the tag chip architecture and generation. The service ID is next established, and the identification number series for managing the merchandise items is then generated as pseudo-random numbers using the formula described above. Lastly, the error correcting code is generated. In this way, a maximum of 268,430,000 pieces of 128 bit data for attaching to the RF-ID tag are generated. The tag data management system 111 of FIG. 2 performs most of the processing. In that case, at least the initial value x(0) must be kept secret, so its security control is performed outside the tag data management system 111. The control (or management) may be performed for each service ID, and therefore the company 100 (planning to use the RF-ID tags) may itself control this information. When transmitting the tag data to the RF-ID tag chip manufacturer 140, the information must be encrypted to keep it secret. As another method to maintain secrecy, the device for generating the tag data may be installed as a black box at the RF-ID tag chip manufacturer 140, and the RF-ID tag management organization 110 then encrypts and sends only the required parameters.

[0031] The processing by the terminal management server 102 when reading out the 128 bit (16 byte) tag data from the ID-reader 20 as a signal is described next. The process flow is shown in FIG. 4. There are two occasions when the tag data is read out; the point in time when the manufactured tag chip is newly affixed to the merchandise, and the point in time at a state transition when the ownership of the merchandise is transferred, for example. The drawing in FIG. 4 shows the latter case (transfer of ownership). The terminal management server 102 performs error detection and error correction processing on the 16 byte data read as digital data from the ID reader 20 according to a specified algorithm. In other words, if an error is detected, then a decision is made whether correction is possible, namely whether the position of the error byte can be calculated or not. If correctable, then the error byte is corrected with the specified algorithm. If the position with the error is not correctable, then data read-out is treated as a failure with only error detection performed, and data read-out disable processing is implemented and the processing ends. Data read-out disable processing is the sending of a read-out fail signal to the ID reader 20 and setting to standby until the next data arrives. However, if no error is detected then normal processing is performed and operation proceeds to the next step. Here, normal processing is the sending of a read-out okay signal to the ID reader 20.

[0032] In the next step, the physical header is decoded and if it is a legal value, operation proceeds normally to the next step. If not a legal value or an unknown value, then error handling is performed and the process ends. Error processing as referred to here is the sending of a read-out fail signal along with an error code showing the physical header error.

[0033] In the next step, the service header is analyzed and verified. The operation here assumes that an application is running and that a service ID value (might also be multiple values) has been specified beforehand. Therefore, if this value is one of the previously designated values then it is correct, if none of the designated values then that value is wrong. In the latter (incorrect) case, as error handling (processing) a read-out fail signal is sent to the ID-reader 20 along with an error code showing the service ID is an error.

[0034] In the next step, the service data (identification number) is analyzed by a method described later and then authenticated. Basically, a decision is made whether or not the identification number that was read out is contained in the collection of unique identification numbers. In other words, a decision is made whether the number is a valid number or not. If the number is a clone that is a counterfeit of an RF-ID tag, then it might mistakenly be judged as “genuine” by this basic method. A method to eliminate this problem is described later on. Consequently when decided as genuine, a code showing correct read out is sent along with a read-out okay signal to the ID-reader 20 as the normal processing. All related information, for example the tag data from read-out and analysis, the date, time, the ID of the reader device and operator ID at that point in time are recorded in the system operation server 103. Identical data is also sent to the specified (business) application process. The application process depends on the merchandise used and the business process of the company handling that merchandise. In the present embodiment, the application is the one that manages the company's product management database 101, and the sales record is recorded in that database.

[0035] When judged on the other hand to be false (non-genuine), the error handling process sends a read-out fail signal along with an error code showing the service data error to the ID-reader 20. The service data error here is data that was correctly read out but also has unauthorized values and might be a counterfeit RF-ID tag. In such cases, the final processing method is determined based on the policy of the company using the RF-ID tags and is not described in further detail here. Technically however, all related information such as the date, time, tag data that was read, the ID of the reader device and the operator ID at that point in time are recorded in the system operation server 103. The tag data that was read is therefore determined as genuine or not on the terminal management server 102 in this way so this server (102) must therefore hold information relating to valid identification numbers. The method of the present embodiment for determining the validity (of the value) is described next.

[0036] The present embodiment handles 268,435,456 (equivalent to 128 bits) identification numbers (56 bit integers as the values). Basically, identification numbers of this size should all be stored in a memory of 56 bit words and a search must be made to find if the ID reader data matches one of the identification numbers. However, this requires a memory of 1879 megabytes. The method of the present invention therefore utilizes a structure known in information retrieval technology as the TRIE structure. In other words, the identification numbers are 56 bits (seven bytes) and by handling one byte of data as 256 symbols, the following method can be employed the same as when making a character string search.

[0037] FIG. 5 is a descriptive view of the TRIE structure. A TRIE structure with an average of 16 branches and 7 layers can be used to store 268,435,456 symbol strings of seven symbols each. The average number of branch nodes is approximately 17,900,000. There are an average of 16 branches in each node, so an average of 16 pieces of one byte data (corresponding to 16 symbols) and attached pointer information must be held. When the pointer information expresses absolute addresses throughout the entire memory space, access is performed at extremely high speed but a four byte pointer is required, and each node requires an average of 81 bytes (5 bytes×16+1). However, a pointer is not required in the final node layer. In this case, a memory of approximately 350 megabytes is required for all data in the TRIE structure. FIG. 6 shows the node data structure from the first layer to the sixth layer in this case. The number of branches held by the node is stored in the one byte data 250. The following data 251 stores the byte values (an average of 16 elements) for the identification number at that level, and the four byte data 252 stores the corresponding pointers. The seventh (final) level node has the same structure without the data 252. Not all of the 268,435,456 identification numbers are always issued in an actual application, so the required memory might be correspondingly smaller.

[0038] The method for storing all valid identification numbers was described above. Using this method to verify that the identification number that was read out is one of these (valid) numbers is simple. The seven byte data of the identification number is repetitively matched in sequence from the upper ranking bytes on down as shown in FIG. 6. This process is described using the k-th byte of data x(k), by comparing in sequence, values 1 through value n of data 251 in FIG. 6. When a match is found in this comparison process, the corresponding pointer is read, the process proceeds to the node specified by that pointer, and collation of the x(k+1) data is performed. If a match is not found, it signifies that x(1) to x(k−1) were a match but x(k) was not a match and therefore the identification number that was read out is determined not to be a valid number.
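The validity check of paragraphs [0032] to [0038], as an added example that is not part of the patent text: identification numbers are generated with the recurrence of [0028], packed into the FIG. 6 node layout (count byte 250, byte values 251, four-byte pointers 252, no pointers in the seventh layer) and matched byte by byte. The constants A, B and X0, the field order in parse_tag, the result strings and all function names are assumptions, and error correction is assumed to have been completed before check_tag is called.

```python
import struct

M = 1 << 56        # modulus from [0029]: the 56th power of 2
A = 5 ** 13        # constructed multiplier (a power of 5), not a value from the page
B = 0              # constructed increment
X0 = 0x1234567     # constructed odd seed; a real x(0) is a secret


def generate_ids(count, x0=X0, a=A, b=B, m=M):
    """Identification number series x(i+1) = a*x(i) + b (mod M)."""
    ids, x = [], x0
    for _ in range(count):
        x = (a * x + b) % m
        ids.append(x)
    return ids


def build_trie(ids):
    """Pack 56-bit IDs into one byte string using the FIG. 6 node layout.

    Node = [branch count: 1 byte][byte values: n][pointers: 4*n bytes],
    with absolute offsets as pointers and none in the seventh layer.
    A count byte of 0 encodes 256 branches (assumption, since a stored
    node always has at least one branch).
    """
    root = {}
    for ident in ids:
        node = root
        for byte in ident.to_bytes(7, "big"):
            node = node.setdefault(byte, {})
    buf = bytearray()

    def emit(node, depth):
        offset = len(buf)
        keys = sorted(node)
        buf.append(len(keys) & 0xFF)
        buf.extend(keys)
        if depth < 7:
            ptr_base = len(buf)
            buf.extend(b"\x00" * (4 * len(keys)))   # filled in below
            for i, key in enumerate(keys):
                child = emit(node[key], depth + 1)
                struct.pack_into(">I", buf, ptr_base + 4 * i, child)
        return offset

    emit(root, 1)
    return bytes(buf)


def is_valid_id(trie, ident):
    """Match the seven bytes from the upper byte down, as in [0038]."""
    if not 0 <= ident < M:
        return False
    offset = 0
    for depth, byte in enumerate(ident.to_bytes(7, "big"), start=1):
        n = trie[offset] or 256
        idx = trie[offset + 1:offset + 1 + n].find(byte)
        if idx < 0:
            return False            # x(1)..x(k-1) matched, x(k) did not
        if depth < 7:
            offset = struct.unpack_from(">I", trie, offset + 1 + n + 4 * idx)[0]
    return True


def parse_tag(tag):
    """Split 16 bytes into the four fields of [0024] (order assumed as listed)."""
    if len(tag) != 16:
        raise ValueError("tag data must be 128 bits")
    return {
        "physical": tag[0],
        "service_id": int.from_bytes(tag[1:5], "big"),
        "ident": int.from_bytes(tag[5:12], "big"),
        "ecc": tag[12:16],
    }


def check_tag(tag, trie, legal_headers, service_ids):
    """Terminal management server steps of [0032] to [0035], after ECC."""
    fields = parse_tag(tag)
    if fields["physical"] not in legal_headers:
        return "fail: physical header error"
    if fields["service_id"] not in service_ids:
        return "fail: service ID error"
    if not is_valid_id(trie, fields["ident"]):
        return "fail: service data error"
    return "ok"
```

A result of "ok" only means the number belongs to the issued set; a cloned tag carries a valid number and passes this check, which is why the log-based verification described next is still required.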

[0039] The method for verifying whether the tag data that was read out on the ID reader was genuine in the processing by the connected terminal management server 102 was described above. This process shows that the server (102) can verify whether the read out number is contained in the collection of valid identification numbers. However, when found to be contained among the valid identification numbers, still further verification as to whether the number is genuine or not must be performed. In other words, when it is not a valid identification number, it can be judged a non-genuine RF-ID tag, but when it is one of the valid identification numbers, still further verification processing is required. The method for that processing is described next.

[0040] The overall system is described again while referring to FIG. 7. The system operation server 103 controls the status of the entire system, and manages the multiple terminal management servers present over a wide area by way of a wide area network. The system operation server always has a log database 130 and as previously explained, receives all read-out information from all terminal management servers in real time and along with rewriting the log database (or historical database) also replies to queries from the terminal management servers.

[0041] Tag data, dates, times, reader device ID, operator ID and process ID are stored in the log database 130. Though not previously described, the process ID is a number showing what section the process for read-out of the merchandise RF-ID tag corresponds to in the overall business system. Though depending on the application where the RF-ID tag is used, the merchandise will be monitored multiple times at different levels so a system is used where the ID reader also applies a process ID and read-out results are reported to the system operation server 103 to clearly specify what levels the merchandise passed through. The process ID for example, defines the product inspection as 10, the factory shipment as 20, the wholesaler shipment as 30, the retailer shipment as 40, the sale as 50, merchandise return as 60, and maintenance as 70, and can manage the merchandise item according to this life cycle. In this case, rules can be established for the likelihood of a merchandise item shifting from one process to another based on the combination of similar products. A shift from 10 to 20 for example is possible. Shifts of 20 to 30, 30 to 40, 40 to 50, 50 to 60, and 50 to 70 are also possible. However, a shift of 10 to 50 is not likely. Namely, a merchandise item that has only received a product inspection is not likely to have an RF-ID read-out showing a 50 (sale) so it might have been counterfeited or stolen. When the RF-ID tags are used with paper currency, the process ID may define one process as depositing money in a bank or ATM (Automated Teller Machine), and conversely another process as withdrawing money from the bank or ATM. In this way, if a piece of paper currency (money) that should be inside a bank (or other facility) is detected again in the deposit process, then this can be detected as an abnormal situation.

[0042] The above described tag data in the log database is stored by grouping it into the physical header value, service header value and identification number fields. The identification number is registered in the database for making retrievals (searches). In this way, a search can instantaneously be made to find if the target identification number that was read out is already registered in that database or not. The date, time, location and process for that identification number can also be found when the search results are already stored in that log database. The location can be found from information on the reader ID, and from information relating to the location and ID reader stored by a separately specified method.

[0043] The processing when a query is made from a terminal management server relating to tag data read by an ID-reader controlled by that server is described next. The process flow is shown in FIG. 8.

[0044] First of all as shown in FIG. 8, a search is made for a past record of an identification number of that tag data from the log database. The flow applies to either of the following two cases:

[0045] 1) There is a record of the applicable identification number.

[0046] 2) There is no record of the applicable identification number.

[0047] In the case of 2) the number at this point is likely genuine (normal) so the check result code is set to “normal”. However in 1) there is already a record of the read-out number so the RF-ID tag might be a counterfeit. So a decision is made based on recorded information from the log database, whether or not the situation might occur considering the geographic and time conditions. Because the ID reader device that read the identification number being inquired about, and the ID reader device having a past record (of that number) are known, the geographic distance between these two reader devices can be estimated from position information on the readers stored in the database of the terminal management server 132 (FIG. 8). The time difference, t₁ between the time the identification number was inquired about and the read-out time in the past record can also be found. When multiple past records are found relating to the identification number being inquired about, the closest time from among these records is selected.

[0048] When the geographical distance is set as d, and the time difference is set as t, the probability f of an abnormality is modeled beforehand as a function of d and t. The abnormal probability function f(d, t) is calculated from the d and t obtained from the query results, compared with the threshold F stored separately, and if the calculated value of f is greater than F, it is determined to be a counterfeit and “error” is set as the result code. If f is equal to F, or if f is less than F, then that merchandise item (RF-ID tag) was decided to have been moved and then read in a decision valid up until the next process ID and the result code is set to “normal”.

[0049] Here, the abnormal probability function f(d, t) is first modeled as a function of the normal required time T(d) for moving the merchandise item a geographical distance d, and the actual time required, t. Specifically, when t is greater than T(t>T) the abnormal probability function is a large value. In this way, modeling may be performed so that f becomes f(T(d), t). This time T(d) will vary according to application provided and might not always be just an actual movement time but must be modeled to include time factors such as office processing time, etc.

[0050] A decision is next made by comparing the process ID. When the process ID at the time the ID number of the query is read is set as p1, and the most recent past record of the process ID is p2, a decision can be made whether or not a transition from p1 to p2 is logically possible by making a comparison with the process transition rules stored by a separate specified method (file 133). When decided that the transition is possible the result code is set to “normal”, and when decided the shift is impossible the result code is set to “error”. For example, when a merchandise item not yet shipped from the factory is read out as a process ID No. 50 (signifying “sold”) then this is judged an impossible transition between processes and the merchandise item is regarded as counterfeit. In applications using paper currency (or bank notes), this currency can be determined as money belonging within the bank (or ATM) or as money outside the bank. In other words, if the most recent process ID record shows that even though paper currency was deposited through an ATM, that RF-ID tag was again read out at a later date and separate location, then an abnormal situation such as counterfeiting is judged to have occurred since a single object cannot physically be in two different locations at the same time.

[0051] The system operation server 103 receives the result code set by the above processing and executes processing according to that result code. For example, when an error code has been set, the applicable identification number, and the information on the RF-ID tag determined to be an error are stored in the blacklist database 131 (FIG. 7) created according to the designated specifications. More specifically, the tag data, date, time, ID reader device, operator ID and process ID are stored in the blacklist database. During authentication processing, when the system has this type of blacklist database, the operation management server first of all accesses the blacklist database 131 and decides whether or not the identification number being inquired about (not listed in FIG. 8) is registered in that blacklist database.
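The authentication flow of paragraphs [0044] to [0051], as an added example that is not part of the patent text: a blacklist lookup, a log search, the f(d, t) threshold test and the process transition test, run over constructed read-out records. The allowed shifts are the ones listed in [0041]; the reader positions, the model of T(d), the shape of f (it rises toward 1 as the elapsed time t falls below T(d)), the threshold value and all names are assumptions.

```python
import math
from dataclasses import dataclass

# Possible process shifts listed in paragraph [0041].
ALLOWED_SHIFTS = {(10, 20), (20, 30), (30, 40), (40, 50), (50, 60), (50, 70)}

# Constructed reader positions, in km on a flat grid.
READER_POS = {"R-factory": (0.0, 0.0), "R-shop": (300.0, 400.0)}


@dataclass(frozen=True)
class ReadOut:
    ident: int       # 56-bit identification number
    hours: float     # read-out time in hours (constructed time scale)
    reader: str      # ID reader device
    process: int     # process ID reported by the reader


def normal_time(d_km, speed_kmh=60.0, handling_h=1.0):
    """T(d): assumed transport time plus office handling time."""
    return 0.0 if d_km == 0 else d_km / speed_kmh + handling_h


def abnormal_probability(d_km, t_h):
    """f(T(d), t): assumed model, 0 once t reaches T(d), near 1 for tiny t."""
    required = normal_time(d_km)
    if t_h >= required:
        return 0.0
    return 1.0 - t_h / required


class OperationServer:
    def __init__(self, threshold=0.5):
        self.threshold = threshold   # F, stored separately per [0048]
        self.log = {}                # ident -> list of ReadOut (log database)
        self.blacklist = {}          # ident -> list of ReadOut judged "error"

    def check(self, read):
        """Answer a terminal management server query and record the read-out."""
        code, reason = self._decide(read)
        self.log.setdefault(read.ident, []).append(read)
        if code == "error":
            self.blacklist.setdefault(read.ident, []).append(read)
        return code, reason

    def _decide(self, read):
        if read.ident in self.blacklist:
            return "error", "blacklisted"
        history = self.log.get(read.ident)
        if not history:
            return "normal", "no past record"
        # With several past records, use the one closest in time ([0047]).
        nearest = min(history, key=lambda r: abs(read.hours - r.hours))
        d = math.dist(READER_POS[read.reader], READER_POS[nearest.reader])
        t = abs(read.hours - nearest.hours)
        if abnormal_probability(d, t) > self.threshold:
            return "error", "distance/time"
        # Compare against the most recent process ID on record ([0050]).
        latest = max(history, key=lambda r: r.hours)
        if (latest.process, read.process) not in ALLOWED_SHIFTS:
            return "error", "process transition"
        return "normal", "consistent"
```

Tuning T(d) and the threshold per application decides the false-alarm rate: a handling time that is too long flags legitimate fast shipments, while one that is too short lets a clone read shortly after the original pass.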

[0052] In the system of the present invention, after the identification number of the RF-ID tag is read out by radio from the RF-ID reader 20, the terminal management server decides whether or not the number is a “valid” number. If the number is valid, an inquiry is made to the operation management server to determine if the valid number was previously read out in the past. If the number was previously read out, then when, where and in what process that number was read out is verified, and an overall decision is made whether the identification number (and therefore the RF-ID tag) of the inquiry is genuine or not. If the identification number in question was not valid or is judged as not genuine based on the past read-out log (history), then an alarm message is promptly forwarded to the related office in compliance with the specified procedure. This identification number is also then registered in the blacklist database. The operator or office worker in that department can then take appropriate action based on these alarms or warnings.
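The decision flow of paragraphs [0050] to [0052] can be sketched as follows. This is an added example, not code from the patent: it checks the transition from the most recent logged process ID to the process ID of the current read (the direction stated in claim 3), and all process IDs other than 50, the rule table, the class and field names, and the sample reads are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed process IDs; only 50 ("sold") is taken from the description.
MANUFACTURED, SHIPPED, IN_STORE, SOLD = 10, 20, 30, 50

# Hypothetical transition rules (the role of file 133):
# most recent logged process ID -> process IDs allowed at the next read.
RULES = {
    None: {MANUFACTURED},          # tag has never been read before
    MANUFACTURED: {SHIPPED},
    SHIPPED: {IN_STORE},
    IN_STORE: {SOLD},
    SOLD: set(),                   # nothing may follow a sale
}

@dataclass(frozen=True)
class Read:
    tag_data: str
    date_time: str
    reader_id: str
    operator_id: str
    process_id: int

class OperationServer:
    def __init__(self, rules):
        self.rules = rules
        self.log = {}         # tag_data -> list of every Read (log database)
        self.blacklist = {}   # tag_data -> Read that caused the error
        self.alarms = []      # stand-in for the warning sent to the department

    def verify(self, read):
        history = self.log.setdefault(read.tag_data, [])
        past = history[-1].process_id if history else None
        history.append(read)                      # every read-out is logged
        if read.tag_data in self.blacklist:       # checked before the rules
            self.alarms.append(("blacklisted", read))
            return "error"
        if read.process_id in self.rules.get(past, set()):
            return "normal"
        self.blacklist[read.tag_data] = read      # register the failing read
        self.alarms.append(("impossible transition", read))
        return "error"

def demo():
    srv = OperationServer(RULES)
    reads = [  # constructed sample reads
        Read("TAG-A", "2024-03-01 09:00", "reader-factory", "op-1", MANUFACTURED),
        Read("TAG-A", "2024-03-01 09:05", "reader-shop", "op-7", SOLD),
        Read("TAG-A", "2024-03-02 10:00", "reader-dock", "op-2", SHIPPED),
    ]
    return [srv.verify(r) for r in reads], srv
```

Once an identification number is blacklisted, every later read of it returns “error” even if the transition itself would be allowed, so the genuine tag sharing that number is flagged for manual follow-up as well.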

[0053] The present invention was described based on the embodiment; however, the present invention can also be implemented by variations of this system or method without departing from the scope or spirit of the present invention. For example, in the above description, the operation management server was separately managed by the company utilizing the RF-ID tag; however, this task may be entrusted to an RF-ID tag management organization. Also, in the above description, the decoding of the error correction code during RF-ID tag read-out was performed by the terminal management server; however, the decoding may be performed internally in the ID reader 20.

[0054] The present invention is therefore capable of minimizing the counterfeiting of RF-ID tags and losses due to counterfeit RF-ID tags, enhancing the reliability of RF-ID tag read-out and improving the reliability of the overall RF-ID tag system. 

What is claimed is:
 1. An RF identification tag management method for controlling use of a non-powered RF-ID tag on a semiconductor chip, comprising: receiving an inquiry from a terminal management server for analyzing RF-ID tag data read-out by radio and deciding the validity of said data; searching a log database for storing RF-ID tag read-out records; deciding whether or not there is a record of a past read-out of same said RF-ID tag data; and verifying whether said RF-ID tag data is genuine and replying to said terminal management server.
 2. An RF identification tag management method according to claim 1, wherein, in making said decision, a database is utilized for storing the geographic position of said terminal management means, and the distance between the geographic position in the past read-out record and geographic position read out from said tag data as well as the differential between said respective read-out times are found, and authenticity is verified by using said time and distance differential information.
 3. An RF identification tag management method according to claim 1, wherein, in making said decision, rules are loaded from said record means relating to mutual process ID that specifies the type of process during read-out, and authenticity is verified by deciding whether or not a shift from a process ID relating to a past read-out record, to a process ID at read-out of said tag data is possible.
 4. An RF identification tag management method according to claim 1, wherein said tag data comprises at least a physical header, service header and service data, and said same service data is an integer of a limited fixed length showing the identification number for said service, and is generated as a pseudo-random number.
 5. An RF identification tag management method for controlling use of a non-powered RF-ID tag on a semiconductor chip, further comprising: receiving data read out from the RF-ID tag by radio; analyzing said RF-ID tag data and deciding the validity of said data; and when determined said data is valid, outputting said RF-ID tag data to a connected management server and receiving verification results on whether there is a past read-out record of said same tag data.
 6. An RF identification tag management method according to claim 5, wherein, in making said decision, rules are loaded from said record means relating to mutual process ID that specifies the type of process during read-out, and authenticity is verified by deciding whether or not a shift from a process ID relating to a past read-out record, to a process ID at read-out of said tag data is possible.
 7. An RF identification tag management method according to claim 5, wherein said tag data includes at least a physical header, service header and service data, and said same service data is an integer of a limited fixed length showing the identification number for said service, and is generated as a pseudo-random number.
 8. An RF identification tag management method according to claim 7, wherein a storage means is utilized for storing all service data generated as pseudo-random numbers in a TRIE structure handling one byte as one symbol, a search is made in byte units to find if service data of said RF ID identification tag that was read out is included among one of said pseudo-random numbers or not and validity is then decided.
 9. An RF identification tag management method according to claim 5, wherein said tag data contains redundant data for error code correction, and error correction code decoding is performed on tag data read-out results, and the specified error correction is performed when an error is correctable.
 10. An RF identification tag management system for controlling use of a non-powered RF-ID tag on a semiconductor chip, wherein said system comprises a system operation server for unified control and monitoring of the multiple terminal management servers dispersed over a wide area; and said operation management server acquires all tag read-out information from all terminal management servers, and registers their logs in a log database.
 11. An RF identification tag management system according to claim 10, wherein said system replies to said inquiries from said multiple management servers, accesses said log database managed by said system, searches records relating to said tag data, and also verifies the authenticity by making an overall judgment on the time, locations, and read-out process information stored in said database. 
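
The validity check of claim 8, shown as an added example that is not code from the patent: issued service data is stored in a trie with one byte per symbol, and a read-out value is accepted only if a byte-by-byte walk reaches full depth. The 8-byte length, the class and function names, and the use of Python's `secrets` module as the random source are assumptions made for illustration.

```python
import secrets

ID_LEN = 8  # assumed fixed length of the service data, in bytes

class ByteTrie:
    """Trie over issued service data, one byte per symbol."""

    def __init__(self, id_len=ID_LEN):
        self.id_len = id_len
        self.root = {}

    def insert(self, service_data: bytes) -> None:
        if len(service_data) != self.id_len:
            raise ValueError("service data must be exactly id_len bytes")
        node = self.root
        for symbol in service_data:           # iterating bytes yields ints 0..255
            node = node.setdefault(symbol, {})

    def contains(self, service_data: bytes) -> bool:
        # Wrong-length input can never be an issued number.
        if len(service_data) != self.id_len:
            return False
        node = self.root
        for symbol in service_data:           # search proceeds in byte units
            node = node.get(symbol)
            if node is None:
                return False                  # diverges from every issued number
        return True                           # full depth reached: number was issued

def issue_ids(trie: ByteTrie, count: int) -> list:
    """Generate `count` distinct random identification numbers and register them."""
    issued = []
    while len(issued) < count:
        candidate = secrets.token_bytes(trie.id_len)
        if not trie.contains(candidate):      # skip the rare duplicate
            trie.insert(candidate)
            issued.append(candidate)
    return issued
```

Because every stored number has the same length, reaching depth `id_len` is sufficient proof of membership and no end-of-key marker is needed.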